CVE-2025-37742

Source
https://cve.org/CVERecord?id=CVE-2025-37742
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37742.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37742
Published
2025-05-01T12:55:50.603Z
Modified
2026-05-07T04:17:32.367055Z
Summary
jfs: Fix uninit-value access of imap allocated in the diMount() function
Details

In the Linux kernel, the following vulnerability has been resolved:

jfs: Fix uninit-value access of imap allocated in the diMount() function

syzbot reports that hex_dump_to_buffer is using uninit-value:

=====================================================
BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171
 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171
 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276
 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876
 jfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156
 evict+0x723/0xd10 fs/inode.c:796
 iput_final fs/inode.c:1946 [inline]
 iput+0x97b/0xdb0 fs/inode.c:1972
 txUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367
 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
 jfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733
 kthread+0x6b9/0xef0 kernel/kthread.c:464
 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
 slab_post_alloc_hook mm/slub.c:4121 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 __kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 diMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105
 jfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176
 jfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523
 get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
 get_tree_bdev+0x37/0x50 fs/super.c:1659
 jfs_get_tree+0x34/0x40 fs/jfs/super.c:635
 vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
 do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
 path_mount+0x742/0x1f10 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x71f/0x800 fs/namespace.c:4088
 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
 x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The reason is that imap is not properly initialized after memory allocation. It will cause the snprintf() function to write uninitialized data into linebuf within hex_dump_to_buffer().

Fix this by using kzalloc instead of kmalloc to clear its content at the beginning in diMount().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37742.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
4f10732712fce33e53703ffe5ed9155f23814097
Fixed
cab1852368dd74d629ee02abdbc559218ca64dde
Fixed
067347e00a3a7d04afed93f080c6c131e5dd15ee
Fixed
63148ce4904faa668daffdd1d3c1199ae315ef2c
Fixed
7057f3aab47629d38e54eae83505813cf0da1e4b
Fixed
d0d7eca253ccd0619b3d2b683ffe32218ebca9ac
Fixed
9629d7d66c621671d9a47afe27ca9336bfc8a9ea

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37742.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.12
Fixed
5.15.181
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.135
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.88
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.24
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.12
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37742.json"